Asus RT-N66U 3.0.0.4.374_720 - CSRF Vulnerability

Exploit for hardware platform in category web applications Exploit Title: CSRF Asus RT-N66U Arbitrary Command Execution Google Dork: N.A. Date: 30 September 2013 Exploit Author: cgcai https://www.qxcg.net/arbitrary-command-execution-on-an-asus-rtn66u.html Vendor Homepage:...

MGASA-2013-0262 Updated nagstamon package fixes security vulnerability

A user details information exposure flaw was found in the way Nagstamon performed automated requests to get information about available updates. Remote attackers could use this flaw to obtain user credentials for servers monitored by the desktop status monitor due to their improper base64...

Re: Cisco/Linksys E1200 N300 Reflected XSS

Mitre has assigned the following CVE for this issue: CVE-2013-2679 On Mon, Apr 29, 2013 at 12:27 AM, Carl Benedict [email protected] wrote: Summary -------------------- Software : Cisco/Linksys Router OS Hardware : E1200 N300 others currently untested Version : 2.0.04 others currently...

Cisco Linksys E1200 / N300 Cross Site Scripting

Summary -------------------- Software : Cisco/Linksys Router OS Hardware : E1200 N300 others currently untested Version : 2.0.04 others currently untested Website : http://www.linksys.com Issue : Reflected XSS Severity : Medium Researcher: Carl Benedict theinfinitenigma Product Description...

OpenShift Enterprise and Online vulnerable to CSRF attack with REST API

A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser...

basic_auth

This plugin bruteforces basic authentication logins. Nine configurable parameters exist: usersFile stopOnFirst passwdFile passEqUser useLeetPasswd useSvnUsers useEmails useProfiling profilingNumber This plugin will take users from the file pointed by "usersFile", mail users found on the site and...

Cisco/Linksys E1200 N300 Reflected XSS

Summary -------------------- Software : Cisco/Linksys Router OS Hardware : E1200 N300 others currently untested Version : 2.0.04 others currently untested Website : http://www.linksys.com Issue : Reflected XSS Severity : Medium Researcher: Carl Benedict theinfinitenigma Product Description...

Cisco Linksys WRT310N 2.0.00 Denial Of Service Vulnerability

Cisco Linksys WRT310N version 2.0.00 suffers from a remote denial of service vulnerability. Summary -------------------- Software : Cisco/Linksys Router OS Hardware : WRT310N v2 others currently untested Version : 2.0.00 others currently untested Website : http://www.linksys.com Issue : Remote...

Cisco Linksys WRT310N 2.0.00 Denial Of Service

Summary -------------------- Software : Cisco/Linksys Router OS Hardware : WRT310N v2 others currently untested Version : 2.0.00 others currently untested Website : http://www.linksys.com Issue : Remote Denial of Service Severity : High Researcher: Carl Benedict theinfinitenigma Product Descripti...

External image sources can trigger a basic authentication dialogue

When an external resourcee.g. http://foo.com/image.jpeg is used as the source of an image tag, if the external resource returns a 401 response code and sets a WWW-Authenticate header then the browsers standard 'Basic authentication' dialogue will pop up within on the confluence page. While this i...

External image sources can trigger a basic authentication dialogue

When an external resourcee.g. http://foo.com/image.jpeg is used as the source of an image tag, if the external resource returns a 401 response code and sets a WWW-Authenticate header then the browsers standard 'Basic authentication' dialogue will pop up within on the confluence page. While this i...

External image sources can trigger a basic authentication dialogue

When an external resourcee.g. http://foo.com/image.jpeg is used as the source of an image tag, if the external resource returns a 401 response code and sets a WWW-Authenticate header then the browsers standard 'Basic authentication' dialogue will pop up within on the confluence page. While this i...

CVE-2013-0922

Google Chrome before 26.0.1410.43 does not properly restrict brute-force access attempts against web sites that require HTTP Basic Authentication, which has unspecified impact and attack vectors...

Design/Logic Flaw

Google Chrome before 26.0.1410.43 does not properly restrict brute-force access attempts against web sites that require HTTP Basic Authentication, which has unspecified impact and attack vectors...

CVE-2013-0922

Google Chrome before 26.0.1410.43 does not properly restrict brute-force access attempts against web sites that require HTTP Basic Authentication, which has unspecified impact and attack vectors...

CVE-2013-0922

Removed by vendor...

CVE-2013-0922

Google Chrome before 26.0.1410.43 does not properly restrict brute-force access attempts against web sites that require HTTP Basic Authentication, which has unspecified impact and attack vectors...

CVE-2013-0922

CVE-2013-0922 affects Google Chrome (pre-26.0.1410.43) and describes insufficient restriction of brute-force attempts against sites using HTTP Basic Authentication. The connected OpenVAS/Gentoo entries confirm this CVE and point to remediation via upgrading Chromium/Chrome to newer versions (Gent...

Google Chrome < 26.0.1410.43 Multiple Vulnerabilities

The version of Google Chrome installed on the remote host is a version prior to 26.0.1410.43 and is, therefore, affected by the following vulnerabilities : - Use-after-free errors exist related to 'Web Audio' and the extension bookmarks API. CVE-2013-0916, CVE-2013-0920 - An out-of-bounds read...

CVE-2012-5952

IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, and 8.0 before 8.0.0.2 does not validate Basic Authentication credentials before proceeding to WS-Addressing and WS-Security operations, which allows remote attackers to trigger transmission of unauthenticated messages via...